[Oisf-users] libhtp defaults in suricata.yaml
Victor Julien
victor at inliniac.net
Fri Aug 10 13:53:20 UTC 2012
On 08/08/2012 06:35 PM, Eoin Miller wrote:
> Wondering if we could increase the values slightly from 3072? Missing a
> good deal of alerting because of these default values. Below is default
> from suricata.yaml:
>
> ---SNIP---
> libhtp:
>
>    default-config:
>      personality: IDS
>      # Can be specified in kb, mb, gb. Just a number indicates
>      # it's in bytes.
>      request-body-limit: 3072
>      response-body-limit: 3072
> ---SNIP---
>
>
> Maybe something more like:
>
> ---SNIP---
> libhtp:
>
>    default-config:
>      personality: IDS
>      # Can be specified in kb, mb, gb. Just a number indicates
>      # it's in bytes.
>      request-body-limit: 128kb
>      response-body-limit: 512kb
> ---SNIP---
>
Can you share sigs (+pcaps) that are not alerting with the default setting?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
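
The effect discussed in this thread, as an added example that is not part of the original messages or of Suricata's code: a simplified model in which only the first `response-body-limit` bytes of an HTTP body reach body-inspecting rules, run against constructed sample bodies. The function names, the marker string and the 1024-based unit multipliers are assumptions made for the illustration.

```python
import re

# Assumption: kb/mb/gb are multiples of 1024 bytes.
_UNITS = {"": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_size(value):
    """Turn a size such as 3072, '128kb' or '1 mb' into a byte count."""
    m = re.fullmatch(r"\s*(\d+)\s*(kb|mb|gb)?\s*", str(value), re.IGNORECASE)
    if not m:
        raise ValueError(f"bad size: {value!r}")
    return int(m.group(1)) * _UNITS[(m.group(2) or "").lower()]


def visible_to_rule(body, pattern, limit):
    """True if `pattern` lies wholly inside the first `limit` bytes of `body`.

    Simplified model: bytes past the limit are never handed to rules that
    match on the HTTP body, so content located there cannot alert.
    """
    return pattern in body[:parse_size(limit)]


def coverage(bodies, pattern, limits):
    """Map each limit to the names of bodies whose match would be missed."""
    return {
        limit: [name for name, body in bodies.items()
                if pattern in body and not visible_to_rule(body, pattern, limit)]
        for limit in limits
    }


# Constructed sample bodies: the same marker placed at different depths.
MARKER = b"MARKER-CONTENT"
SAMPLES = {
    "early": b"A" * 100 + MARKER + b"B" * 500,
    "boundary": b"A" * 3065 + MARKER,      # marker straddles byte 3072
    "deep": b"A" * 200_000 + MARKER,
    "very_deep": b"A" * 600_000 + MARKER,
}

if __name__ == "__main__":
    report = coverage(SAMPLES, MARKER, [3072, "128kb", "512kb"])
    for limit, missed in report.items():
        print(f"response-body-limit {limit}: missed {missed}")
```

Replacing `SAMPLES` with bodies extracted from a pcap and `MARKER` with a rule's content string shows which limit a given signature needs before changing suricata.yaml.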